Configuring OAuth Authentication
Step 1 - Set Up OAuth with Providers
To use OAuth with any application, you'll need to get a key and secret from the OAuth provider's website. To do this, you usually need to register your app first. Here are some handy links to get started:
- Google - https://www.google.com/accounts/ManageDomains
- Twitter - https://dev.twitter.com
- Facebook - https://developers.facebook.com/apps
Step 2 - Configure providers.yml
Once you have your OAuth credentials from the provider, you need to add them to Opal's config file. Opal stores your app's authentication provider information (such as your consumer key and secret) in config/providers.yml. Opal comes with an example providers.yml file that we can use.
    cp config/providers.yml.default config/providers.yml
Next, open config/providers.yml with your favorite text editor and add your credentials. Here's what your config file should look like:
    providers:
      google:
        key: CONSUMER_KEY
        secret: CONSUMER_SECRET
      facebook:
        key: APP_ID
        secret: APP_SECRET
      twitter:
        key: CONSUMER_KEY
        secret: CONSUMER_SECRET
Once you're done, save your changes and restart your Rails application if you're running it in production mode. Opal will automatically detect your OAuth provider information and instantly present users with new login choices.
That's it!
Advanced Configuration Options
If your server is having trouble connecting to an OAuth provider, or you're getting errors that look like this:
    SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
You may need to tell OmniAuth (the Ruby gem that Opal uses for OAuth) where your server's root certificates are. You can find this location with the following command:
    openssl version -a # get openssl info, root certs location is OPENSSLDIR
Copy the directory shown next to OPENSSLDIR and add it to config/providers.yml. Your config file should look something like this:
    :client_options:
      :ssl:
        :ca_path: /etc/ssl/certs # specify path to root certs
    providers:
      google:
        ...
Restart your application, if necessary, and try it again.
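As an added example (not part of Opal or of the original page), this Ruby pre-flight check reads a providers.yml document and reports placeholder values left over from the sample file in Step 2, missing keys or secrets, and a :ca_path that does not exist or is empty. The function name, the sample values and the :verify check are assumptions; the last one assumes the :ssl options are handed unchanged to Faraday, the HTTP library underneath OmniAuth's OAuth client.

```ruby
require 'yaml'
# Placeholder values from the example config on this page.
PLACEHOLDERS = %w[CONSUMER_KEY CONSUMER_SECRET APP_ID APP_SECRET].freeze

# Returns an array of findings (strings) for a providers.yml document.
def audit_providers(yaml_text)
  # The file mixes symbol keys (:client_options) with string keys (providers),
  # so Symbol has to be permitted explicitly for safe_load.
  config = YAML.safe_load(yaml_text, permitted_classes: [Symbol]) || {}
  findings = []
  providers = config['providers']
  providers = {} unless providers.is_a?(Hash)
  findings << 'no providers defined' if providers.empty?
  providers.each do |name, creds|
    %w[key secret].each do |field|
      value = creds.is_a?(Hash) ? creds[field].to_s.strip : ''
      if value.empty?
        findings << "#{name}: #{field} is missing"
      elsif PLACEHOLDERS.include?(value)
        findings << "#{name}: #{field} is still the placeholder #{value}"
      end
    end
  end

  ssl = config.dig(:client_options, :ssl) || {}
  ca_path = ssl[:ca_path]
  if ca_path && (!Dir.exist?(ca_path) || Dir.children(ca_path).empty?)
    findings << "ca_path #{ca_path} is missing or empty"
  end
  # Assumption: the :ssl hash reaches Faraday, where verify: false switches
  # certificate checking off rather than fixing the trust store.
  findings << 'ssl verify is disabled' if ssl[:verify] == false
  findings
end

# Constructed sample input, not a real configuration.
SAMPLE = <<~YAML
  :client_options:
    :ssl:
      :ca_path: /nonexistent/opal-example/certs
  providers:
    google:
      key: 1234.apps.example
      secret: s3cr3t-constructed
    twitter:
      key: CONSUMER_KEY
      secret:
YAML
puts audit_providers(SAMPLE) if __FILE__ == $PROGRAM_NAME
```

An empty result means the file passed these checks; it does not confirm that the provider accepts the credentials.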